You have that server you can’t reboot, but you need to patch the kernel NOW (e.g. a kernel flaw has just been found)? Well, you can try this out.

First of all, we print out the running kernel version:

# uname -r
2.6.32-71.29.1.el6.i686

Ok, we have to patch:

# yum update kernel*

Grab the kexec tools:

# yum install kexec-tools

Now we get the release of the most recently installed kernel and put it in a variable:

# latestkernel=$(ls -t /boot/vmlinuz-* | sed "s/\/boot\/vmlinuz-//g" | head -n1)

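# echo $latestkernel
2.6.32-220.4.1.el6.i686

Load that kernel with kexec, reusing the matching initramfs and the command line of the running kernel:

# kexec -l /boot/vmlinuz-${latestkernel} --initrd=/boot/initramfs-${latestkernel}.img --append="$(cat /proc/cmdline)"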

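Finally, we can issue a reset. Keep in mind that kexec -e jumps straight into the loaded kernel without calling shutdown, so running services are not stopped and filesystems are not unmounted cleanly: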

# kexec -e

...and... wow, we lost the system! Well, not exactly.

The system will “restart without restarting”: something like a fast reboot that skips the BIOS checks (and you know how long a full system restart can last).

# uname -r
2.6.32-220.4.1.el6.i686

It worked!

  • Be aware that the kernel reset will reset your connections as well as your uptime, so if you’re looking for something that preserves your uptime record while security patching, well, this is not for you.
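
An added pre-flight check for the kernel selection and kexec -l step above (not code from the original post): it picks the newest kernel by version order instead of file modification time, refuses to build the load command if the kernel or its initramfs is missing, and only prints the command. The function names and the --dry-run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: choose and validate the kernel to hand to kexec.
# Function names and the --dry-run switch are hypothetical.

# Print the highest kernel release in a boot directory, ordered by
# version (sort -V) rather than by mtime as "ls -t" does.
latest_kernel() {
    boot_dir=${1:-/boot}
    for f in "$boot_dir"/vmlinuz-*; do
        [ -f "$f" ] || continue
        printf '%s\n' "${f##*/vmlinuz-}"
    done | sort -V | tail -n1
}

# Print the kexec load command for a release, or fail if a file is missing.
kexec_load_cmd() {
    boot_dir=$1 release=$2 cmdline=$3
    kernel="$boot_dir/vmlinuz-$release"
    initrd="$boot_dir/initramfs-$release.img"
    [ -n "$release" ] || { echo "no kernel found in $boot_dir" >&2; return 1; }
    [ -s "$kernel" ] || { echo "missing or empty: $kernel" >&2; return 1; }
    [ -s "$initrd" ] || { echo "missing or empty: $initrd" >&2; return 1; }
    printf 'kexec -l %s --initrd=%s --append="%s"\n' \
        "$kernel" "$initrd" "$cmdline"
}

# Succeed when the running release ($1) differs from the target ($2).
needs_switch() {
    [ "$1" != "$2" ]
}

# Dry run against the live system: print the command, load nothing.
if [ "${1:-}" = "--dry-run" ]; then
    rel=$(latest_kernel /boot)
    needs_switch "$(uname -r)" "$rel" || { echo "already running $rel"; exit 0; }
    kexec_load_cmd /boot "$rel" "$(cat /proc/cmdline)"
fi
```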